
AHMED SAAD AHMED KHAIR

Sr. Cyber Security Engineer
Cairo

Summary

Proven track record in web application security testing and network penetration testing using both manual and automated techniques, with extensive expertise in developing and implementing robust security solutions to safeguard critical assets against evolving cyber threats. Strong background in information security, consistently delivering impactful results through meticulous analysis, strategic planning and execution, while ensuring compliance by conducting ISO 27001 audits. Showcased excellence leading the design and execution of comprehensive web application security testing strategies, leveraging industry-leading tools and methodologies to identify vulnerabilities and weaknesses in complex application environments. Successfully uncovered critical security gaps and provided actionable recommendations for remediation by conducting thorough assessments and penetration tests, ultimately fortifying the organization's defenses and mitigating risk exposure. Competent across various penetration testing methodologies, encompassing critical aspects such as Information Gathering, Network Mapping, Reconnaissance, Port & Network Scanning, Vulnerability Scanning, Session Management Testing, System Testing, Authentication & Access Testing, Regression Testing and DoS Testing. Notable success in steering network penetration testing while spearheading initiatives to assess the security posture of network infrastructure, encompassing firewalls, routers and servers. Successfully identified vulnerabilities and misconfigurations, enabling proactive remediation efforts to enhance overall network security and resilience. Innate excellence in staying abreast of emerging threats and industry best practices, continuously refining security strategies to address new challenges and evolving cyber threats, and effectively ensuring complete adherence to regulatory compliance.

Overview

17 years of professional experience
11 Certifications

Work History

Head of Information Security Section

Aljazeera Sudanese Jordanian Bank
09.2021 - Current
  • Develop and maintain a comprehensive information security strategy that aligns with the organization's business goals.
  • Lead and coach the bank's information security team and act as contact person in the escalation chain.
  • Lead information security management and coordinate with GRC to comply with Sudan regulation Central, PCI-DSS, ISO 27001 and other local regulations (Policies, Standards, Baselines, Guidelines, and Procedures).
  • Create and maintain the bank security architecture design and awareness program.
  • Select and acquire security solutions or enhancements to existing security solutions to improve overall bank security as per the bank's existing procurement processes.
  • Supervise all investigations into problematic activity and provide on-going communication with senior management.
  • Supervise the design and execution of risk assessment, business continuity, disaster recovery, and incident management plan.
  • Developed concise, tailored cyber security awareness content.
  • Track and implement corrective action plans resulting from audit findings.
  • Evaluate and recommend cybersecurity GRC tools suitable for enhancing existing.
  • Support internal audits of processes documentation for external assessments.
  • Prepared, executed and reported on audits of cybersecurity controls, including interviews, document review and testing of the systems to support compliance audit activities.

Head of Cyber Security Section - (SOC)

Aljazeera Sudanese Jordanian Bank
01.2017 - 09.2021
  • Improve security positioning through process improvement, policy, audit, automation and continuous evolution of capabilities.
  • Manage implementation processes and continuously monitor information security controls, risk and compliance oversight of IT policy and procedures.
  • Technical design, architecture, development, triage, prioritization and investigation in SIEM, Anti-DDoS and other deployed solutions.
  • Ensure all investigations requiring a security incident are raised in agreement with SLAs.
  • Manage infrastructure technology security and risk control self-assessments.
  • Review and provide advice on the creation of IT Infrastructure and Security.
  • Escalation point and follow-up activities related to information security incidents, breaches and forensic investigations.
  • Manage SOC team in investigating and responding to cyber-attacks.
  • Work with Business Continuity management to ensure that the disaster recovery (crisis management) and business continuity plans drive disaster recovery (DR) strategy and procedures.
  • Implement security standards and demonstrate best practices in ISMS, PCI-DSS and documentation as required.
  • Prepare and review requests for proposals (RFP) for IT security.
  • Executed threat modeling exercise to determine higher-likelihood threat events to inform cybersecurity risk modeling.
  • Support internal and external ISO audit teams through audit management in periodic audits of ISMS.
  • Design security platforms and their associated infrastructure.
  • Participate in technology projects committees to ensure adequate and timely governance and risk reviews.

Head of IT (Network & Security) Sections

Aljazeera Sudanese Jordanian Bank
02.2014 - 01.2017
  • Deployed advanced Security Information and Event Management (SIEM) solutions to analyze security events effectively, enabling swift investigations into potential security breaches
  • Conducted thorough vulnerability assessments utilizing tools like Nessus and OpenVAS across networks, systems, and applications
  • Analyzed findings to identify potential security gaps and recommended remediation strategies
  • Documented comprehensive vulnerability assessment reports, including findings, recommendations, and remedial actions
  • Ensured adherence to regulatory requirements and maintained accurate records for audit purposes
  • Provided expert guidance to Level 1 engineers on troubleshooting procedures and best practices, enhancing team capabilities and ensuring efficient incident response
  • Successfully managed the migration of mail data from an outdated system to a new secure platform
  • Ensured zero data loss, validated data integrity, and implemented stringent security measures to safeguard sensitive information.
  • Install all new hardware, systems and software for networks.
  • Install, configure, and maintain network services and equipment services.
  • Support administration of servers and server cluster.
  • Plan and support network and computing infrastructure.
  • Monitor network systems and all systems performance and implement performance tuning.
  • Manage user accounts, permissions, emails, antivirus and anti-spam.
  • Implemented robust network security measures to safeguard critical data, software, and hardware infrastructure from cyber threats
  • Successfully deployed, replaced, and upgraded over 70 security appliances across physical and virtual environments, ensuring optimal performance and enhanced security posture
  • Provided Tier 3 and Tier 2 support, resolving complex technical issues and ensuring seamless operation of security systems
  • Collaborated with cross-functional teams on research and analysis, contributing significantly to 70% of investigative efforts into security incidents and threats
  • Diligently documented security system installations and incident responses to maintain accurate records, ensuring compliance with regulatory standards and facilitating audit processes
  • Played a key role in network design, segregation, and security integration, influencing 80% of architecture decisions to enhance overall network resilience and security
  • Bridged communication gaps between IT, businesses, and technical teams, achieving a 95% improvement in clarity and collaboration
  • Managed firewall configurations and activated critical features such as 2FA, VPN, IDS/IPS, antivirus, DLP, and SD-WAN
  • Implemented stringent security filters to protect against evolving threats.

Senior Network Engineer

AZ Technology Co.Lt
09.2011 - 02.2014
  • Served as a Project and Tender Engineer (design, planning, estimating, monitoring and controlling for execution) for all projects: data centers, network, telephone network (PBX and VoIP), Wi-Fi wireless network, data center design and planning, and UPS planning and design for SMP (small business) data networks.

Network Engineer

AZ Technology Co.Lt
01.2008 - 09.2011
  • Design and planning for network (LAN, WAN, VoIP and wireless) infrastructure (installation, configuration, troubleshooting); fiber optic network design, planning and implementation; low-level VoIP; presales engineering and technical experience in a growth environment with core focus on data, voice, routing and switching communications; data networking experience with emphasis on IPVPN and Wi-Fi (wireless network); routing and switching installation, configuration, troubleshooting and management; telephone PBX networking.

Education

Bachelor of Science - Computer Science

FUTURE UNIVERSITY
KHARTOUM- SUDAN
2004

Skills

    Security Engineering, Security Excellence & Governance

    Cybersecurity Solutions

    SIEM (Security Information and Event Management)

    Web Application Security & Network Penetration Testing

    Vulnerability Assessment

    Threat Detection

    Risk Management

    Cyber Security Solutions Architecture & Deployment

    Azure Security

    Intrusion Detection

    Security Audits & ISO Audits, Compliance Management

    Firewall Management

    Incident, Problem & Change Management

    Security Policies & Governance

    Security Solutions: Firewall, Email Filter, Web Application Firewall, SIEM, EDR, Antivirus, SOAR

    Virtualization & Cloud Technologies: vSphere, VMware, Microsoft Azure

    Email Security: Phishing, Malware, Antispam, Content Detection, SPF, DKIM, DMARC

    Web Security: OWASP Top 10, Bot Mitigation, Authentication

    Technical Documentation: Action Plan, POC Document, Vulnerability Assessment Report, Incident Report, Installation Document

    Vulnerability Assessment: Nessus, OpenVAS, Nmap, Acunetix, Metasploit

    IT Security Standards and Frameworks: ISO27001, NIST, PCI-DSS

    Security Information and Event Management (SIEM) System: SNMP, Syslog, Net Flow, Monitoring, Analysis, Parsing, Correlation

    Incident Response

    Ethical Hacking: Footprinting, Scanning, Gaining Access, Escalating Privileges, Maintaining

Certification

Certified Project Management Professional (PMP)

Languages

English & Arabic

Timeline

Head of Information Security Section

Aljazeera Sudanese Jordanian Bank
09.2021 - Current

Head of Cyber Security Section - (SOC)

Aljazeera Sudanese Jordanian Bank
01.2017 - 09.2021

Head of IT (Network & Security) Sections

Aljazeera Sudanese Jordanian Bank
02.2014 - 01.2017

Senior Network Engineer

AZ Technology Co.Lt
09.2011 - 02.2014

Network Engineer

AZ Technology Co.Lt
01.2008 - 09.2011

Bachelor of Science - Computer Science

FUTURE UNIVERSITY